February 20, 2016 By Cindy Compert 3 min read

In Part I of this series, I discussed how data security and privacy best practices are similar to the children’s game “Treasure Hunt,” and I offered 10 tips for protecting your booty upon arrival at your tropical island. But what are you supposed to do before you even get there? Here are seven additional best practices on how to prepare.

1. Cash Is King

Before you set out on your journey, a visit to the king is in order to secure patronage. Have you identified your executive sponsor and associated budget? If not, you may find yourself lost at sea and unable to remain afloat.

2. Watch Your Ballast

Ballast is what provides stability for your ship. Too much and you risk sinking in rough seas. In data security, the equivalent of ballast is being weighed down by manual processes and tools that don’t meet your needs. Throw them overboard! Consider using automated methods to identify what’s important, such as data sources, files and databases.

3. Beware of Traitors

A traitor could derail your entire journey by giving up your position and sharing valuable information with pirates. No one wants to talk about rogue employees and the risk of insider threats. Nevertheless, we need to be thinking like pirates at all times and anticipating all possibilities. Activity monitoring is a good way to ensure that the crew doesn’t turn against you.

4. Avoid Mutiny

If you’ve ever seen “Mutiny on the Bounty,” you know what happens when a captain does not have the crew’s respect. Worse than a traitor, your very existence could be threatened.

Being a strong leader means being clear about your team’s roles and responsibilities with respect to data protection. Who administers the policies? What mechanisms do you have in place for approvals and escalations? Using a structured approach with built-in workflows means ensuring everyone signs off on exceptions.

5. Check the Weather Often

Back in the days of sail, both wind and weather made the difference between getting to your destination, going down with the ship or succumbing to illness and starvation. In data security and privacy, the weather is the prevailing regulatory environment.

With the EU-U.S. Privacy Shield potentially replacing Safe Harbor in addition to the new EU GDPR regulations taking effect in 2018, it’s critical to understand the changes on the horizon and to anticipate how those changes might impact your plans.

6. Always Be Prepared for Battle

Being prepared means having both detective and preventive measures in place. Do you have a lookout 24 hours a day? What if a ship approaches and the pirates try to board? In data security, you must observe all activity and have a plan in place to identify and then respond to unusual activity.

Sometimes those pirates are so tricky that they foil all our best defenses, such as blocking rogue SQL, alerting, etc. How do you detect unusual data access activity patterns? This is where machine learning comes in — applying cognitive computing techniques to identify that needle in the haystack.

7. One Man’s Trash Is Another Man’s Treasure

Be careful about how you dispose of your trash. If you drop it overboard, you will be leaving valuable clues for the pirates (in addition to being a polluter).

The same is true for removing old data. It needs to be disposed of in a manner that ensures it is no longer usable. Several recent breaches involved access to unneeded data that could have been either placed into a secure archive or disposed of entirely. Old data equals risk.

Learn more about securing the data that powers your business

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today